Oh, hadn't refreshed the page before posting my last comment and I missed your added info.
The code I added will only really help if the username we search for anonymously matches the unique identifier defined in the account filter. This actually translates to sentUsername + accountSuffix if set up in the wpDirAuth prefs [optional].
Here's an example which might help you with the part involving locating the user's profile, whether for dn pre-mapping (added code), or binding:
In what I've seen in other PHP/LDAP related code, people seem to default the field with which we try to locate the profile to samAccountName (hence the default in wpDirAuth), which seems to be assumed to be the same value as the username used to bind with.
In my context, the samAccount is in one form, but the username used to bind (first.last@myDomaincontroller, not full dn) with simple auth actually matches a field named userPrincipalName.
So in my setup, I expect users to enter first.last@myDomainController, leave the Account Suffix pref empty (since we have multiple ones), and set my Account Filter to userPrincipalName.
As an aside, I'm realizing that I need to make sure the added code didn't open a hole if the anonymous search returns more than one entry, since we ultimately default to entry when returning to wp_login.
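
The lookup described in this comment, with the multiple-entry case failing closed, as an added example that is not part of the original comment and is not wpDirAuth's code. The function names and sample values are hypothetical; the `$entries` arrays are constructed to match the shape `ldap_get_entries()` returns.

```php
<?php
// Added illustration; function names are hypothetical, not wpDirAuth's.

// Escape LDAP filter metacharacters (RFC 4515) so the value matches literally.
function escape_filter_value(string $value): string
{
    return str_replace(
        ['\\', '*', '(', ')', "\0"],
        ['\\5c', '\\2a', '\\28', '\\29', '\\00'],
        $value
    );
}

// Build the lookup filter: Account Filter attribute = sentUsername + accountSuffix.
function build_account_filter(string $attr, string $sentUsername, string $accountSuffix = ''): string
{
    return sprintf('(%s=%s)', $attr, escape_filter_value($sentUsername . $accountSuffix));
}

// $entries has the shape returned by ldap_get_entries(): a 'count' key plus
// numerically indexed entries, each carrying a 'dn' key.
// Return the DN only when exactly one entry matched; otherwise return null
// so the caller rejects the login instead of picking an arbitrary entry.
function resolve_unique_dn(array $entries): ?string
{
    if (($entries['count'] ?? 0) !== 1 || !isset($entries[0]['dn'])) {
        return null;
    }
    return $entries[0]['dn'];
}

// Constructed sample data (not from a real directory).
$filter = build_account_filter('userPrincipalName', 'first.last@example.test');
$one = ['count' => 1, 0 => ['dn' => 'CN=First Last,OU=Staff,DC=example,DC=test']];
$two = ['count' => 2,
        0 => ['dn' => 'CN=First Last,OU=Staff,DC=example,DC=test'],
        1 => ['dn' => 'CN=First Last,OU=Contractors,DC=example,DC=test']];

echo $filter, "\n";
var_dump(resolve_unique_dn($one));            // single match: DN is used for the bind
var_dump(resolve_unique_dn($two));            // ambiguous match: rejected
var_dump(resolve_unique_dn(['count' => 0]));  // no match: rejected
```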